Tip of the week: Draft policy that outlines how often staff members should change their passwords
HIM Connection, August 5, 2008
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Changing your password is addressable under the HIPAA security rule. Your organization must perform and document a risk assessment to determine when, how often, and why it will require employees to change their passwords. Your organization should have a written policy that describes the types of passwords that are appropriate. The policy should also describe the protocol for changing passwords or clearly articulate why your facility has decided not to require employees to change their passwords. Cost cannot be the reason as to why you do not implement an addressable requirement. The risk assessment and policy will document your facility’s due diligence in the event of a security breach or audit.
Editor’s note: This Q&A was excerpted from the July issue of Medical Records Briefing.Chris Simons, RHIA, director of HIM and privacy officer at Spring Harbor Hospital in Westbrook, ME, answered this question. For more information, visit www.hcpro.com/content/213045.cfm.
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Comments
0 comments on “Tip of the week: Draft policy that outlines how often staff members should change their passwords ”
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched